Privacy Policy

Last updated: April 2026

Northern Eye Consultants (“the Practice”) is committed to protecting the privacy and confidentiality of all personal information we hold. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal and health information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By attending our practice or providing your information to us, you consent to the collection, use, and disclosure of that information in the manner described in this policy.

1. What Personal Information We Collect

We collect personal information that is necessary to provide you with safe and effective specialist eye care. This includes:

• Personal identifiers — full name, date of birth, address, and contact details (phone number and email address)
• Medicare and health fund details — Medicare number, private health insurance fund and membership number
• Referral information — referral letters and clinical information provided by your referring GP or optometrist
• Health information — medical history, ocular history, current medications, allergies, clinical examination findings, diagnoses, and treatment plans
• Imaging and investigation results — optical coherence tomography (OCT) scans, fundus photographs, visual field results, and other diagnostic data
• Operative records — surgical reports and anaesthetic records where applicable
• Billing and financial information — used to process Medicare claims and private health insurance benefits

We collect information directly from you (in person, by telephone, or via our registration forms), from your referring practitioner, and from other treating clinicians or hospitals involved in your care. We only collect information that is reasonably necessary for one or more of our functions or activities.

2. How We Use Your Personal Information

Your personal and health information is used for the following primary purposes:

• Providing clinical care — to assess, diagnose, and treat your eye conditions safely and effectively
• Clinical records — to create and maintain accurate medical records of your consultations, investigations, and treatment
• Referral communication — to communicate with your referring GP or optometrist, and with other treating specialists or hospitals involved in your care
• Billing and Medicare claims — to process accounts, submit Medicare claims, and liaise with private health insurers
• Appointment management — to schedule and confirm appointments, and to send recalls or reminders
• Legal and regulatory compliance — to meet our obligations under applicable health records and privacy legislation

We will not use your personal information for purposes other than those described above without your consent, unless required or authorised by law.

3. Who We May Share Your Information With

Your personal and health information may be disclosed to:

• Treating practitioners — your referring GP, optometrist, or other specialists involved in your ongoing care will receive correspondence outlining the findings and management plan from your consultation
• Hospitals and day surgery facilities — where you are admitted for a procedure, relevant clinical information will be shared with the admitting facility and anaesthetic team
• Billing and medical administration agencies — our billing service provider processes Medicare and health fund claims on our behalf and is bound by strict confidentiality obligations
• Diagnostic services — pathology, radiology, or other specialist testing services as required for your clinical investigation
• Regulatory and legal bodies — where required by law, a court order, subpoena, or other legal process
• Medical defence and insurance — in the event of a complaint or medico-legal matter, information may be disclosed to our medical defence organisation

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Storage and Security of Your Information

Your personal and health information is stored in secure electronic clinical record systems. We take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure. These steps include password-protected systems, role-based access controls, encrypted data transmission, and regular system security reviews.

In accordance with applicable health records legislation, clinical records are retained for a minimum of seven (7) years from the date of the last consultation, or in the case of children, until they reach the age of 25 years (whichever is later). After this period, records are destroyed securely.

Paper records and correspondence are stored securely on site and are accessible only to authorised staff. Electronic backups are performed regularly and stored securely.

5. Your Rights as a Patient

Access to Your Records

You have the right to request access to the personal and health information we hold about you. Requests for access should be made in writing to our practice. We will respond to your request within a reasonable timeframe and in the manner you request, where practicable. In most cases, access will be provided free of charge; however, a reasonable fee may apply for the cost of retrieval and copying of records.

Correction of Your Information

If you believe that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will take reasonable steps to correct the information promptly. If we are unable to agree that a correction is warranted, we will note your request and advise you of the reason.

Anonymity

Where lawful and practicable, you may interact with us without identifying yourself — for example, when making a general enquiry by phone. However, it is not practicable to provide clinical services without knowing your identity.

Withdrawal of Consent

You may withdraw consent to a particular use or disclosure of your personal information at any time by notifying us in writing. Please be aware that withdrawal of consent may affect our ability to provide you with clinical care.

6. Overseas Disclosure

In general, we do not disclose personal information to overseas recipients. If it becomes necessary to do so in connection with your clinical care (for example, in the context of overseas fellowship training or research collaboration), we will take reasonable steps to ensure the overseas recipient complies with the Australian Privacy Principles or a comparable privacy framework.

7. Complaints and Privacy Queries

If you have a concern about the way in which Northern Eye Consultants has handled your personal information, or if you wish to make a complaint, please contact us in the first instance:

We will acknowledge your complaint promptly and aim to resolve it within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version of this policy is available on our website and at our practice reception. We encourage you to review this policy periodically.